How to Keep Your Wireless Security Cameras and Smart Home Devices SafeBy - 10/20/2017
We’re kind of crazy about home security and smart home devices around here. Whether it’s testing the latest outdoor security cameras or figuring out new ways to use Amazon’s Alexa, we like to get our hands dirty with new smart home devices. Yet the increasing security risks posed by smart home devices is something we’ve been keeping our eye on as well.
The “Internet of things,” or IoT, creates a noticeable security risk all its own. As recent events like the Equifax hack and the WannaCry ransomware have shown, the Internet is far from a secure place to store all of your personal information. With but a few exceptions, almost all of the smart home devices we’re connecting around our homes either directly or indirectly connect to the internet. And many of them have far more of our personal data stored in their buffers than we might realize or care to admit.
Before you go pulling plugs, not every smart home device is a gateway for hackers and data theft. In fact, some of our favorite devices, such as Arlo and Canary are well-respected for their built-in security features. And while Amazon’s Alexa might have been bugged in response to some probing questions about CIA spying, there’s a good chance most of these always-on devices aren’t loaded with government spyware.
Now more than ever, it’s important to take some precautions to keep your smart home safe and secure. Even with built-in security measures, crafty hackers can utilize weaknesses in an Internet connection to infiltrate your home, or take advantage of poor data transmission security found with some Wi-Fi cameras. Once inside, they can find ways to spy on your IP camera feeds, discover what you ask your Google Home, or even turn your smart home devices into a
Security Risks for Smart Home Devices
So what security risks exist when it comes to smart home devices? There are quite a few. We asked our friends over at Comparitech.com, an online privacy and security website, to lend a little insight on this matter. For internet-connected devices, all of the following could be a concern.
Permanent Denial of Service
We’re going to go ahead and claim this one as the most 21st century hack we’ve read about. Similar to a Distributed Denial of Service (DDOS) attack in which hackers load your network with so many requests that your Internet connection crashes, a Permanent Denial of Service (PDOS) attack uses flash firmware updates to physically overheat and destroy hardware. Yes, you read that correctly. There are now cyber attacks that can physically destroy your smart home devices by overheating them.
PDOS attacks are real, and have been demonstrated by security professionals. Weak security in your network or home security devices can make it easy for these types of attacks to occur. There’s no actual benefit to the hackers since they don’t earn any monetary value in this, but teenaged hackers have been known to commit cyber attacks for reasons beyond just a quick buck on the Dark Web.
Man-in-the-Middle attacks are a strong yet underestimated threat to smart home devices. There are several ways someone can infiltrate your home network, from a weak Wi-Fi password to malware. However, once in, they can spy on your network traffic going to and coming from different websites. This is where Man-in-the-Middle threats get their name. A third party literally sits in the “middle” of your network traffic, either manipulating your data or outright stealing it as it passes between you and another destination.
Types of MITM attacks include:
- Wi-Fi hacking
- DNS Spoofing
- STP Mangling
- Port Stealing
- ARP Poisoning
- Replay attacks
- Android app debugging attacks
If this list sounds long and confusing to you, you’re in good company. Unless you’re a cybersecurity professional, there’s a good chance you’ve never heard of most, if not all of these threats. However, these cyber attacks all involve hackers gaining access to your network and doing pretty much anything they want with the data passing through it.
Of particular concern for MITM is the fact that Wi-Fi networks are increasingly weak to hacking. As the recent Krack Wi-Fi meltdown has shown us, even the most secure Wi-Fi security method can be hacked. Of more concern is the fact that the patching process for these flaws is itself sometimes flawed and slow.
Ultimately, some security concerns simply can’t be prevented. When big companies like Yahoo have their servers hacked and their customers’ passwords stolen, there’s little users can do about it beyond changing their passwords (or abandon that service altogether).
However, if you use weak passwords for your smart home devices and security cameras, you’re inviting an easy hack. Strong passwords can help prevent some data theft, but if the hack happens against the device or service provider, there’s nothing you can do except hope and pray that the hackers don’t use or sell your data. Data breaches are increasing in regularity, so if you haven’t already been the victim of one, there’s a good chance you will be at some point.
IP Camera Feed Hijacking
PCWorld covered this issue back in 2013, and it’s still as relevant now as it was then. All internet-connected devices, including wireless security cameras, have their own IP address. An IP address is like an address for Internet devices that indicates exactly where each device is located on the World Wide Web.
In most cases, these IP addresses are fairly secure. However, if someone is able to infiltrate your home network they could easily acquire all the IP addresses for your connected smart home devices. If they can acquire your camera’s IP address, they can figure out how to hack into the feed as well. That includes tapping into your camera’s audio feed, making your camera and it’s built-in mic instant security risks.
This is also true of camera feeds that can be shared with friends and relatives. Some wireless cameras, such as the Foscam allow you to share your camera feed to friends and family, so long as they have the link or their own temporary account. But if you can share it with family and friends, that also means you’re broadcasting that connection over the internet, even if the connection is mostly secure.
This list is far from exhaustive. Hackers are regularly coming up with new ways to infiltrate home networks and even more creative ways to steal data once they’re in. As the number of smart home devices we own and use increases, they add more exposure to our home networks and our personal security.
How to Secure Your Smart Home Devices
There’s no cure-all method to solving all of your smart home security risks. Unfortunately, hackers are as creative as they are driven to steal, so they’ll always come up with something new. That said, you can still take a few simple steps to help prevent the vast majority of threats to your smart home devices and Wi-Fi cameras.
Comparitech suggests all of the following solutions to help lock down your smart home devices.
Use Strong Passwords and Only Change Them If Needed
Despite current popular belief, short passwords with an array of letters, numbers, and symbols are not particularly strong. And changing those passwords frequently may actually be counter-productive. In fact, you can make strong passwords that use nothing but standard English words and keep those passwords for as long as they’re secure. The key is to make them both long and nonsensical, as computers have a hard time with these. The U.S. government recently updated its guidelines on strong passwords to suggest using this method. (Note: A stunning 17% of people are still using “12345” as a password, which is cracked instantly by a computer.) If you want to make an extra-strong password, create one that is both long and uses a few symbols and numbers.
To make your life easier, Comparitech has both a strong password generator and a password strength tester. You can use both of these tools to make unique, tough-to-crack passwords. To keep those passwords in order, consider a secure password manager that will store and automatically input your passwords into your various website accounts. Most web browsers have included managers, and Mac users can avail themselves of Apple’s Keychain application.
For the sake of argument, one of my current passwords is 12 characters long, uses a nonsense word, and utilizes both numbers and symbols. According to Comparitech’s strength tester, it would take 63 billion years for a computer to crack it. I think I can rest easy.
It’s a good idea to change your password now and then, but not too often. Some research suggests that changing passwords too often results in poor quality passwords or ones that are only slightly different than the previous one. It’s a good idea to make those smart home device and account passwords strong the first time around then hold onto them for a while. Most experts now will suggest creating strong passwords and only changing them if those accounts become compromised–such as following a data breach.
Update Your Devices Whenever Possible
Even if your smart home device is hot and fresh from a Kickstarter campaign, the first iteration of its firmware is not going to be the last. Particularly for popular devices, the software operating that device can be a target for hackers trying to figure out the best way to crack its security measures.
If your device company rolls out a software update, it’s best to update your device immediately. Most software updates focus on not just fixing functionality issues, but shoring up any security flaws.
Additionally, always download and install firmware updates from your device maker’s official source. Never install official device firmware from a third party, even if it seems trustworthy.
Finally, not all firmware updates are automatic or even made obvious in the device’s included app. Check your device software regularly for updates to the firmware.
Purchase a Smart Home Security Device
There are still a lot of unknowns with smart home devices. However, innovation keeps forging ahead. As with most new technology, ways to make the tech safer have lagged a bit behind the device innovations and upgrades. There’s an emerging market for smart home devices that protect against cyber threats, but these devices do exist.
We reviewed four of them: Cujo, Dojo, Keezel, and RATtrap, all of which are designed to protect your home network against cyber threats.
Cujo, for example, adds an extra firewall to your home internet connection, helping to filter out unwanted connections before they occur.
Dojo routes your connection through a Virtual Private Network, or VPN, something we’ll discuss at the end of this article.
Keezel and RATtrap both take a look at your network’s metadata, although RATtrap goes a step further and actually analyzes and tracks malicious sites alongside metadata.
You can read our comparative review on Cujo, Dojo, Keezel and RATtrap to learn more about these devices.
Secure Your Wi-Fi Network
Although keeping strong passwords is a given here, there are some additional, more tech-savvy tweaks you should consider to ensure a stronger Wi-Fi network.
By far, your Wi-Fi router is going to be your most vulnerable Internet device, so all of these tweaks apply to that piece of equipment blasting wireless signals all over your house.
Change Default Username and Password
First, if you haven’t changed the default password and username, do this immediately. Although these are often randomly generated and unique to each device before it’s boxed and shipped, this is not always the case. The included password may also be far weaker than you’d prefer, and there’s no guarantee that an employee at the manufacturer or even the store you bought it from didn’t snag this information before you received the device. Utilize a password generator to create a new, stronger password, or make one for yourself that will far surpass the security of the included password.
Update Your Firmware
Next, update your router’s firmware. Note that if you intend to run a VPN on your router, you do not want to update the firmware from the device provider. Instead, you’ll update the third-party firmware you installed that lets you run a VPN on your wireless router. Otherwise, go through your device settings either in your web browser on the physical device (if it includes a touchscreen) and regularly check for firmware updates.
Additionally, Comparitech recommends you consider carefully whether you want automatic updates. There are benefits and downsides to both. Of course, as mentioned earlier, with the new threat of PDOS attacks and other types of cyber attacks and hacking, automatic firmware updates may put you at risk.
There are a few additional measures you will want to take that get even more technical. These include changing your security from WEP to WPA2, checking port 32764, and other changes that will help ensure better network security. For more details, check out this guide to securing your Wi-Fi wireless router and Wi-Fi network.
Taking the time to secure your wireless router might seem a bit troublesome, but it’s fundamentally important. Routers are far from secure, and even the most trusted Wi-Fi router security features can now be hacked. Weak network security has even led security professionals, such as researchers from Symantec, to suggest individuals turn to routing their connections through a VPN for important data transmissions.
This leads us to our next and final point.
Run Your Internet Connection Through a Virtual Private Network
There are limited methods you can employ to secure your entire home network and every smart home device on it. One of the best methods recommended to us by Comparitech is to utilize a virtual private network, or VPN.
VPNs are a mixture of software and networking protocols that reroute your unprotected Internet connection through a private, heavily encrypted “tunnel.” Once you connect to a VPN server, there are several things happening, of which two are particularly important.
First, and arguably the most important thing happening is an enhancement to your network security. Connecting to a VPN server creates a private channel between yourself and your VPN provider. The server on the other end is also connected to the Internet. Through this method, you access the Internet through the VPN server, and all data is transferred back to your VPN-connected devices through the private encrypted channel.
Most top-tier VPN services provide military-grade encryption that cannot be cracked through brute force methods. The only way someone can snoop in on your Internet activity is if they already had malware hiding on your system, or if they know your IP address.
A VPN solves the IP address issue, however. Reputable VPN services will assign you a new IP address upon connecting to their servers. Even if a hacker was snooping on the activity, they wouldn’t be able to track it back to you. Your actual identity would be anonymized.
VPNs are typically run through individual devices, such as computers and mobile devices. However, this is infeasible for most smart home devices which cannot have VPN software installed on them natively. However, there’s a workaround. By configuring a VPN on your wireless router, all devices operating on your home network can benefit from the VPN connection.
There are some drawbacks, however. By the nature of how they work, VPNs will slow down your connection. Depending on the VPN service provider, you may experience only a minor decrease in your bandwidth. Some providers do not maintain updated or fast servers, however, so you might experience speed decreases that negatively impact streaming data, especially if you’re using multiple bandwidth-hungry Wi-Fi cameras.
Additionally, getting a VPN on your router is no cakewalk. The process can be complicated if you choose to do it yourself on your own router. Some VPN services do sell routers that come with their software pre-installed, but if you already have a router you like, you may need to do the legwork yourself.
As for which VPN provider you might want to utilize here, Comparitech suggests two: IPVanish or ExpressVPN. Both are ranked well in the industry for providing strong security with minimal speed loss and importantly, don’t keep logs of your internet activity. There are far more than those two, however, and Comparitech suggests doing your research and choosing a VPN that you feel best fits your needs.
The security of our homes is the reason why we invest so heavily in the latest smart home security devices. But it’s somewhat of a “brave new world,” so to speak. Much as the oil industry is still catching up technologically with how to mitigate environmental needs with their core drilling businesses, smart home tech companies are still somewhat floundering when it comes to making sure they don’t create a security problem while trying to solve another one.
There’s no one way to protect your smart home devices. However, keeping your firewalls in place, making sure your passwords are strong, and even investing in additional networking security devices or software may help add a much needed digital fence around your smart home.